CompTIA Security Plus Mock Test Q970

A system administrator needs to ensure that certain departments have more restrictive controls to their shared folders than other departments. Which of the following security controls would be implemented to restrict those departments?

A. User assigned privileges
B. Password disablement
C. Multiple account creation
D. Group based privileges

Correct Answer: D
Section: Access Control and Identity Management

Group-based privileges assign privileges or access to a resource to all members of a group. Group-based access control grants every member of the group the same level of access
to a specific object.

Incorrect Answers:
A: These are permissions that are granted or denied on a specific individual user basis. This would not allow for a more restrictive control over the department’s shared folders.
B: Disabling a password would allow for a less restrictive control over the department’s shared folders.

C: Each user should only have one standard user account. Administrators can have more than one administrative account for different roles.
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 290-294